Table of content:
- WHAT IS THE PURPOSE OF THIS INFORMATION?
- DATA MANAGER’S INFORMATION
- WHAT DATA MANAGEMENT PROCESSES ARE CARRIED OUT ON THE WEBSITE?
- WHAT RIGHTS DO USERS HAVE?
- PROCEDURES RELATING TO A REQUEST FOR THE EXERCISE OF RIGHT
- POTENTIAL RECIPIENTS OF PERSONAL DATA, DATA PROCESSORS
- DATA SECURITY
- OTHER PROVISIONS
- What is the purpose of this information?
We accept this Prospectus for the purpose of providing all relevant information and information to the representatives of natural and legal persons using our services (hereinafter: Users) in a concise, transparent, comprehensible and easily accessible form, in clear and comprehensible terms, and to assist the Clients in the exercise of their rights under point 4.
Our information obligation is based on Regulation (EU) 2016/679 of the European Parliament and of the Council applicable from 25 May 2018. Article 12 of Decree No. CXII of 2011 (hereinafter: GDPR) on the right to self-determination and freedom of information. (hereinafter: FOIA), and Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society. § 4 of the Act (hereinafter: Act CVIII).
The Prospectus has been prepared taking into account the GDPR, the FOIA and other relevant legislation relevant to individual data processing. The legislation is listed in Annex 1 of the Prospectus and the most important terms are described in Annex 2.
In developing and applying this prospectus, we have acted in accordance with the findings of the Recommendation to the National Data Protection and Freedom of Information Authority on prior data protection requirements and Article 5 of the GDPR, in particular the principle of accountability in Article 5 (2).
- Data manager’s information
Name: Shahbana Khan
- What data management processes take place on the Website?
In this section, we detail the relevant circumstances for each data controller that the GDPR and other sectoral legislation expects of all data controllers.
3.1 Data management related to newsletter sending
In order to provide visitors to our Website with up-to-date information, it is possible to subscribe to our newsletter. The following information applies to this data management:
3.1.1. Purpose of the personal data processed and data management
purpose of personal data processing
name – by entering this we can address the User in our newsletter
e-mail address – by entering this we get to know the User’s electronic contact, where we can send our newsletter
3.1.2. Legal basis for data management
User’s consent (Article 6 (1) (a) of the GDPR).
3.1.3. Duration of data management
The personal data provided will be processed until the consent is withdrawn. The User may withdraw his consent at any time by clicking on the “Unsubscribe” button in the sent letter.
3.1.4. Method of data management
In electronic form.
3.2. Contact data management
You can contact us through our website for any purpose. Details of the related data management are shown below.
3.2.1. Purpose of the personal data processed and data management
purpose of personal data processing
name – User identification
e-mail address – contact the User
telephone number – contact the User
3.2.2. Legal basis for data management
Statutory data management; Subject to Article 6 (1) (c) and (2) of the GDPR, FOIA. Section 5 (1) b) and the Act CVIII. 13 / A. § (1) and (3).
3.2.3. Duration of data management
For 1 year after contact.
3.2.4. Method of data management
In electronic form.
- What rights do Users have?
It is important to us that our data management meets the requirements of fairness, legality and transparency. In light of this, we briefly present the rights of each of the parties concerned in this section, and then explain them in more detail in Annex 3 to the prospectus.
Our user may request free information about the details of the processing of his / her personal data, as well as in cases specified by law, request their correction, deletion, blocking, or restriction of their processing, and may object to the processing of such personal data. Requests for information and requests in this section can be addressed by our User to our contact details in section 2.
4.1. Access right
Our users can receive feedback from us about the handling of their personal data and have access to this personal data and the details of their handling.
4.2. Right to rectification
At the request of our user, we will correct inaccurate personal data without undue delay, and we are entitled to request the completion of incomplete personal data, inter alia by means of an additional statement.
4.3. Right of cancellation
At the request of our user, we will delete personal data relating to him or her if we do not need to process it, or withdraw his or her consent, or object to the processing of the data, or their processing is illegal.
4.4. Right to forget
If we so request, we will try to notify all data controllers of our User’s request for cancellation who have become aware of or may have become acquainted with our User’s possibly disclosed data.
4.5. Right to restrict data management
At the request of our User, we restrict the data processing if the accuracy of the personal data is disputed, or the data processing is illegal, or our User objects to the data processing, or if we no longer need the provided personal data.
4.6. Right to data portability
Our user may receive the personal data concerning him / her in a structured, widely used, machine-readable format, or forward it to another data controller.
4.7. Responding to requests
The application will be examined as soon as possible after its submission, but not later than within 30 days – in case of protest – 15 days – and a decision on its merits will be made, of which the applicant will be informed in writing. If we do not comply with our User’s request, we will state in our decision the factual and legal reasons for rejecting the request.
The protection of personal data is important to us, and at the same time we respect the right of users to self-determination of information, therefore we try to respond to all requests in a correct manner and within the time limit. In view of this, we ask Dear Users to contact us – in order to make a complaint – in order to settle any disputes amicably before using any official and court claims.
If the request does not lead to a result our user
– pursuant to Act V of 2013 on the Civil Code, you can assert your rights in court (the lawsuit can also be initiated before the court competent according to the place of residence or stay of our User, and
– to the National Data Protection and Freedom of Information Authority.
- Our application procedure
5.1. Notify recipients
We will always notify the recipients to whom or with whom the User’s personal data has been communicated of rectification, deletion or data processing restrictions, unless this proves impossible or requires a disproportionate effort. At the request of the User, we will provide information about these recipients.
5.2. Method and deadline of information
We will provide information on the measures taken following the requests related to point 4 in electronic form within a maximum of one month from the receipt of the request, unless otherwise requested by the User. This period may be extended by a further two months if necessary, taking into account the complexity of the application and the number of applications. We will inform the User about the extension of the deadline, indicating the reasons, within one month from the receipt of the request.
Oral information may be provided at the request of the User, provided that he / she proves his / her identity in another way.
If we do not act on the request, we will inform the User of the reasons for this within a maximum of one month of receiving it, as well as of the fact that he may lodge a complaint and exercise his right of judicial appeal (Section 4.8).
In exceptional cases, if we have reasonable doubts about the identity of the natural person submitting the application, we ask you to provide additional information necessary to confirm your identity. This measure is necessary to promote the confidentiality of data processing, as defined in Article 5 (1) (f) of the GDPR, ie to prevent unauthorized access to personal data.
5.4. Information and action costs
The information provided on the requests related to point 4 and the measures taken on the basis thereof shall be provided free of charge.
If the User’s request is manifestly unfounded or, in particular due to its repetitive nature, excessive, we will charge a reasonable fee or refuse to act on the request, taking into account the administrative costs of providing the requested information or information or taking the requested action.
- Potential recipients of personal data, data processors
6.1. In connection with the operation of the Website
The hosting provider, as a data processor, has the right to access the personal data provided during the use of the Website.
Name: SiteGround – ul. “Olimpijska” №6, 1756 g.k. Sofia park, Sofia, Bulgaria
6.2. In connection with sending a newsletter
To send newsletters to the Website, there is newsletter software operated by the data processor we use. The data of the data processor are as follows:
6.3. In the context of social media interfaces
Our website also has several social media interfaces (e.g. Facebook, Instagram, You Tube); Thus, for example, if a User “likes” our site on Facebook or “follows” us on Instagram, we will learn about all personal information associated with their profile and available to the public. Relevant information on the data management arising on these pages can be found in the service provider’s own data management policy.
6.4. In connection with the issue of an invoice
In connection with the invoicing, the tax authority is entitled to get acquainted with the personal data provided by the Users for this purpose in the course of its activities.
- Data security
We and the employees of the data processors have the right to get acquainted with the personal data of the User to the extent necessary for the performance of the tasks belonging to their job. We take all security, technical and organizational measures that guarantee the security of the data.
7.1. Organizational measures
We provide access to our IT systems with personal rights. The principle of “necessary and sufficient rights” applies to the allocation of access, ie all employees may use our IT systems and services only to the extent necessary for the performance of their duties, with the appropriate rights and for the required period of time. Access to IT systems and services should only be granted to a person who is not restricted for security or other reasons (eg conflicts of interest) and who has the professional, business and information security knowledge required to use it securely.
We and the data processors agree to strict confidentiality rules in a written statement and are obliged to act in accordance with these confidentiality rules in the course of our activities.
7.2. Technical measures
The data – with the exception of the data stored by our data processors – is stored on our own devices in a data center. The IT devices storing the data are stored in a separate, separate closed server room, protected by a multi-stage access control system subject to authorization control.
We protect our internal network with multi-level firewall protection. In all cases, a hardware firewall (border protection device) is located everywhere at the entry points of the public networks used. The data is stored redundantly – ie in several places – in order to protect it from destruction, loss, damage and illegal destruction due to the failure of the IT device.
We protect our internal networks from external attacks with multi-level, active protection against complex malicious code (eg virus protection). We implement the essential external access to the IT systems and databases operated by us via an encrypted data connection (VPN).
We do our best to ensure that our IT tools and software continuously comply with the generally accepted technological solutions in the operation of the market.
During our development, we develop systems in which logging can be used to control and track the operations performed, and to detect incidents, such as unauthorized access.
Our server is located on the hosting provider’s separate dedicated server, protected and closed.
We use the https protocol on the website, which means a higher level of data security compared to the http protocol.
In order for our website to work properly, in some cases we place small data files on the User’s computer device, similar to most modern websites.
8.1. What is a cookie?
A cookie is a small text file that the website places on the User’s computer device (including mobile phones). As a result, the website can “remember” the User’s settings (e.g., language used, font size, display, etc.), so you don’t have to reset it every time you visit our website.
List of cookies used on the Website:
Source of cookie – Name of Cookie – Cookie’s function – Cookie’s expiration date
– .shahbanakhan.com – _ga – GA1.2.2135724578.1622141483 – 2023.07.27.,15:36:16 (in 2 years)
– .shahbanakhan.com – _ga_KR9X71RPL0 – GS1.1.16231596188.8.131.523159635.0 – 2023.07.08., 15:40:35 (in 2 years)
– .shahbanakhan.com – _gali – X – immediately after session
– .shahbanakhan.com – _gat_gtag_UA_203160064_1 – 1 – immediately after session
– .shahbanakhan.com – _gd1627392982876 – X – immediately after session
– .shahbanakhan.com – _gd1627392982877 – X – immediately after session
– .shahbanakhan.com – _gd1627392988237 – X – immediately after session
– .shahbanakhan.com – _gd1627392988239 – X – immediately after session
– .shahbanakhan.com – _gd1627392994647 – X – immediately after session
– .shahbanakhan.com – _gd1627392994649 – X – immediately after session
– .shahbanakhan.com – _gd1627393027397 – X – immediately after session
– .shahbanakhan.com – _gd1627393027399 – X – immediately after session
– .shahbanakhan.com – _gd1627393029819 – X – immediately after session
– .shahbanakhan.com – _gd1627393029820 – X – immediately after session
– .shahbanakhan.com – _gd1627393059391 – X – immediately after session
– .shahbanakhan.com – _gd1627393059393 – X – immediately after session
– .shahbanakhan.com – _gid – GA1.2.1337943390.1627392758 – in 24 hours
– .shahbanakhan.com – wordpress_test_cookie – WP%20Cookie%20check – immediately after session
These cookies can be deleted or blocked, but in this case the Website may not work properly.
8.2. Google Analytics
- The Website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.
- Information generated by cookies associated with a website used by a User is typically stored and stored on a Google server in the United States. By activating IP anonymization on the Website, Google will shorten the User’s IP address within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.
- The full IP address will be transmitted to and truncated to Google’s server in the U.S. only in exceptional cases. On our behalf, Google will use this information to evaluate how the User has used the Website and to provide us with reports relating to website activity and to provide additional services relating to website and internet usage.
- Google Analytics does not reconcile the IP address transmitted by the User’s browser with other Google data. The User may prevent the storage of cookies by setting their browser properly, however, please note that in this case, not all functions of this website may be fully available. You may also prevent Google from collecting and processing your information about your use of the Website (including your IP address) by cookies by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=h
8.3. How are cookies handled?
Cookies can be deleted (see www.AllAboutCookies.org for details) or blocked by most browsers today. In this case, however, when using our website, certain settings will need to be reconfigured each time and certain services may not work.
Detailed information on deleting and blocking cookies can be found at www.AllAboutCookies.org (in English) and on the browser used by the User at the following links:
- Firefox – https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
- Google Chrome – https://support.google.com/chrome/answer/95647
- Microsoft Internet Explorer 11 – https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-11
- Safari 8 – https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
- Safari 6/7 – https://support.apple.com/hu-hu/guide/safari/sfri11471/mac
- Opera – https://help.opera.com/en/latest/web-preferences/#cookies
- Other provisions
9.1. Data collection on activity
We may collect data about the activity of the Users, which cannot be combined with other data provided by the User during registration, or with data generated when using other websites or services.
9.2. Data management for different purposes
If we intend to use the provided data for a purpose other than the purpose of the original data collection, we will inform the Users about this and obtain their prior, express consent, or provide them with the opportunity to prohibit the use.
9.3. Obligation to register
We keep a record of the data management activities carried out under our responsibility (data management activity record) in accordance with Article 30 of the GDPR.
9.4. Privacy incident
A data protection incident is a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data processed. In the event of a data protection incident, we are obliged to act in accordance with Articles 33 and 34 of the GDPR. We record data protection incidents, indicating the facts related to the data protection incident, its effects and the measures taken to remedy it.
We have the right to unilaterally amend this Prospectus at any time.
Applicable from: 2021. 07. 28.
In preparing the Prospectus, the Data Controller has taken into account the relevant applicable legislation and the most important international recommendations, in particular the following:
– Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR)
– Act CXII of 2011 on the right to information self-determination and freedom of information. Act CXII of 2011 Act (FOIA)
Concepts related to the processing of personal data
– data controller: the legal person who determines the purposes and means of the processing of personal data;
– data management: any operation or set of operations on personal data or data files, whether automated or non-automated, such as collection, recording, systematisation, segmentation, storage, transformation or alteration, retrieval, consultation, use, communication, transmission, distribution or otherwise harmonization or interconnection, restriction, deletion or destruction;
– data transfer: making the data available to a specific third party;
– erasure of data: making the data unrecognizable in such a way that it is no longer possible to recover them;
– data designation: the identification of the data in order to distinguish it;
– Restriction of data processing: marking of stored personal data in order to limit their future processing;
– data destruction: complete physical destruction of the data carrier;
– data processor: the legal person that processes personal data on behalf of the controller;
– recipient: any natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not;
– cookie: a small data packet (text file) sent by the web server and placed on the user’s computer for a specified period of time, which, depending on its nature, can be supplemented by the server on new visits, ie if the browser returns a previously saved cookie to the cookie provider you have the option to link the user’s current visit to previous ones, but only for their own content;
– data subject / user: an identified or identifiable natural person; identify a natural person who, directly or indirectly, in particular on the basis of an identifier such as name, number, location, online identifier or one or more factors relating to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person identifiable;
– third party: any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor or persons who have been authorized to process personal data under the direct control of the controller or processor;
– the data subject’s consent: a voluntary, specific and well-informed and unambiguous statement of the data subject’s consent to indicate his or her consent to the processing of personal data concerning him or her, by means of a statement or an unequivocal statement of confirmation;
– IP address: in all networks in which communication takes place according to the TCP / IP protocol, the server machines have an IP address, ie an identification number, which enables the identification of the given machines via the network. It is known that every computer connected to a network has an IP address through which it can be identified.
– personal data: any information about the data subject .;
– protest: a statement by the data subject objecting to the processing of his or her personal data and requesting the termination of the processing or the deletion of the processed data.
The User is entitled to have access to the personal data processed by us upon his / her request – submitted at one of our contact details. As part of this, the User will be informed about the following:
– whether your personal data is being processed;
– the purposes of data management;
– the categories of personal data concerned;
– the recipients or categories of recipients to whom or with whom the personal data have been or will be communicated;
– the intended duration of the storage of personal data;
– legal remedies;
– information on data sources.
The User may also request the provision of a copy of the personal data that is the subject of data management. In this case, the personal data will be provided in a structured, widely used, computer-readable format (PDF / XML) or in a printed version on paper. Requesting a copy is free.
Based on the request submitted through our contact details, the User is entitled to request the correction of inaccurate personal data processed by us and the supplementation of incomplete data. If we do not have the information necessary to clarify or supplement the untrue information, we may request the submission of this additional data and the verification of the accuracy of the data. Until the data can be clarified or supplemented – in the absence of additional information – we will restrict the processing of the personal data concerned, and the operations performed on them – with the exception of storage – will be temporarily suspended.
Based on the request submitted through our contact details, the User is entitled to request the deletion of the personal data processed by us, if any of the following conditions exist:
– we no longer need the data;
– we have concerns about the lawfulness of the processing of your data by us.
If, following the User’s request, we determine that there is an obligation to delete the personal data we process, we will terminate the processing of the data and destroy the previously processed personal data. In addition, the obligation to delete personal data may be based on the withdrawal of consent, the exercise of the right to protest and legal obligations.
Restrictions on data management
Based on the request submitted through our contact details, the User is entitled to request a restriction on the processing of personal data processed by us in the following cases:
– is concerned about the lawfulness of the processing of personal data we process about him/her and calls for a restriction instead of deleting the data;
– we no longer need the data, but the User requests it to submit, enforce or protect legal claims.
We automatically restrict the processing of personal data in the event that the User disputes the accuracy of the personal data or if the User exercises the right to object. In this case, the restriction shall apply for a period which allows the accuracy of the personal data to be verified or, in the event of an objection, to establish whether the conditions for continuing the processing exist.
During the restriction period, no data management operations may be performed on the marked personal data, only the data may be stored. Personal data may only be processed in the following cases if data processing is restricted:
– with the consent of the data subject;
– filing, asserting or defending legal claims;
– protection of the rights of another natural or legal person;
– Important public interest.
Users will be notified in advance of the lifting of the restriction.
Based on the request submitted through our contact details, the User is entitled to request the provision of the personal data processed by us concerning him / her in order to further use them specified by the User. In addition, the User may request that our personal data be transferred to another data controller designated by him.
This right is limited only to the personal data provided to us by the User and processed in order to fulfill his contract. There is no possibility of other data portability. We provide personal data to the User on a paper basis in a structured, widely used, computer-readable format (PDF / XML) and in its printed version.
We inform the User that the exercise of this right does not automatically lead to the deletion of personal data from our systems. In addition, the User is entitled to contact or keep in touch with us again after the transfer of the data.
The User may, at any time, object to the processing of his personal data for the purpose of registration, based on a request submitted through our contact details. In this case, the Data Controller examines whether the data processing is justified by compelling legitimate reasons that take precedence over the interests, rights and freedoms of the User, or which are related to the submission, enforcement or protection of legal claims. If we find that such reasons exist, we will continue to process your personal data. Otherwise, personal data will no longer be processed.